From 7a3638173e406ce7cbd682213606e3152244fcb2 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Wed, 19 Dec 2018 11:27:42 +0800
Subject: [PATCH 23/62] shim: only include shim_cert.h in shim.c

The shim_cert array was declared as a static array, and every user of
shim_cert.h would create a shim_cert array for its own and grow the file
size. To remove the unnecessary duplicate shim_cert arrays, this commit
declares shim_cert in shim.c while other users still can access the
array through the external variables: build_cert and build_cert_size.

Signed-off-by: Gary Lin <glin@suse.com>
Upstream-commit-id: 4e2d62f0f4e
---
 shim.c | 11 +++++++++++
 shim.h |  7 ++++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/shim.c b/shim.c
index e4d4fea226d..0a95f94b360 100644
--- a/shim.c
+++ b/shim.c
@@ -34,6 +34,9 @@
  */
 
 #include "shim.h"
+#if defined(ENABLE_SHIM_CERT)
+#include "shim_cert.h"
+#endif /* defined(ENABLE_SHIM_CERT) */
 
 #include <openssl/err.h>
 #include <openssl/bn.h>
@@ -75,6 +78,10 @@ UINT32 vendor_cert_size;
 UINT32 vendor_dbx_size;
 UINT8 *vendor_cert;
 UINT8 *vendor_dbx;
+#if defined(ENABLE_SHIM_CERT)
+UINT32 build_cert_size;
+UINT8 *build_cert;
+#endif /* defined(ENABLE_SHIM_CERT) */
 
 /*
  * indicator of how an image has been verified
@@ -2562,6 +2569,10 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
 	vendor_dbx_size = cert_table.vendor_dbx_size;
 	vendor_cert = (UINT8 *)&cert_table + cert_table.vendor_cert_offset;
 	vendor_dbx = (UINT8 *)&cert_table + cert_table.vendor_dbx_offset;
+#if defined(ENABLE_SHIM_CERT)
+	build_cert_size = sizeof(shim_cert);
+	build_cert = shim_cert;
+#endif /* defined(ENABLE_SHIM_CERT) */
 	CHAR16 *msgs[] = {
 		L"import_mok_state() failed\n",
 		L"shim_int() failed\n",
diff --git a/shim.h b/shim.h
index c26d5f06538..e4d40505f09 100644
--- a/shim.h
+++ b/shim.h
@@ -122,9 +122,6 @@
 #include "include/variables.h"
 
 #include "version.h"
-#ifdef ENABLE_SHIM_CERT
-#include "shim_cert.h"
-#endif
 
 INTERFACE_DECL(_SHIM_LOCK);
 
@@ -172,6 +169,10 @@ extern UINT32 vendor_cert_size;
 extern UINT32 vendor_dbx_size;
 extern UINT8 *vendor_cert;
 extern UINT8 *vendor_dbx;
+#if defined(ENABLE_SHIM_CERT)
+extern UINT32 build_cert_size;
+extern UINT8 *build_cert;
+#endif /* defined(ENABLE_SHIM_CERT) */
 
 extern UINT8 user_insecure_mode;
 extern UINT8 ignore_db;
-- 
2.26.2